unfuck
- Show HN: A new LLVM optimization pass that aggressively reduces WebAssembly size
This is sweet! This is actually a very similar approach to how I deobfuscate Python bytecode: https://github.com/landaire/unfuck/blob/bfa164b4e261deffeb37...
My code is pretty messy, but I take the same exact approach of taking known function parameters, interpreting the instructions, and removing any condition and the instructions which built its arguments if it evaluates to a constant value. Even called it partial execution as well :p
- GitHub - landaire/unfuck: Python 2.7 bytecode d̶e̶o̶b̶f̶u̶s̶c̶a̶t̶o̶r unfucker
- Unfuck: A utility for deobfuscating Python 2.7 bytecode
I haven't heard of this tool before, but I don't think it would work for obfuscated code. Check out the graph image on my wiki [1]. While this image doesn't show the exact scenario, imagine that the first instruction is a `JUMP_ABSOLUTE 100` and the rest of the instructions between offset [3,100) are just garbage or invalid.
A naive disassembler (like the `dis` module in Python) interprets the bytecode linearly -- i.e. one instruction after another. Rizin's disassembler [2] seems to take the same approach. The way I do disassembly is to only disassemble code paths that are potentially executed by queueing non-conditional jumps, both targets of a conditional jump, and the next instruction when the current instruction is a non-jumping instruction.
[1] https://github.com/landaire/unfuck/wiki/Obfuscation-Tricks
- unfuck - a deobfuscator for Python 2.7 bytecode
- Show HN: Obfuscation Tool for Mixed Boolean Arithmetic in Rust
- Show HN: Obfuscation Tool for Mixed Boolean Arithmetic Expressions
Example of output: https://github.com/seekbytes/pocket#example
Mixed Boolean Arithmetic refers to expressions which include boolean and arithmetic operations (AND, OR, XOR, PLUS, MINUS, MULTIPLY, ...). Let an expression be something like A + B. My tool applies some transformations to rewrite this expression in more complex terms (such as ((A & B) + (A | B))).
- Show HN: Mixed Boolean Arithmetic Expression Obfuscation in Rust
- Show HN: Pocket – Mixed Boolean Arithmetic Obfuscator
- Introduction to Pocket: obfuscator for MBA expressions
The repository for the tool I developed is https://github.com/seekbytes/pocket :) Enjoy it!
What are some alternatives?
rizin - UNIX-like reverse engineering framework and command-line toolset.
cpplumber - Static analysis tool based on clang, which detects source-to-binary information leaks in C and C++ projects
cwe_checker - cwe_checker finds vulnerable patterns in binary executables
debugoff - Linux anti-debugging and anti-analysis rust library
obfuscar - Open source obfuscation tool for .NET assemblies
thefuck - Magnificent app which corrects your previous console command.
rusty-jsyc - JavaScript-To-Bytecode compiler written in Rust
SkidSuite - A collection of java reverse engineering tools and informational links
binocle - a graphical tool to visualize binary data
goblin - An impish, cross-platform binary parsing crate, written in Rust